CVE-2016-2922

Summary

IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.

Affected Software

VendorProductVersion RangeStatus
IBMRational ClearQuest8.0affected
IBMRational ClearQuest8.0.0.1affected
IBMRational ClearQuest8.0.0.2affected
IBMRational ClearQuest8.0.0.3affected
IBMRational ClearQuest8.0.0.4affected
IBMRational ClearQuest8.0.0.5affected
IBMRational ClearQuest8.0.0.6affected
IBMRational ClearQuest8.0.0.7affected
IBMRational ClearQuest8.0.1affected
IBMRational ClearQuest8.0.0.8affected
IBMRational ClearQuest8.0.1.1affected
IBMRational ClearQuest8.0.0.9affected
IBMRational ClearQuest8.0.0.10affected
IBMRational ClearQuest8.0.0.11affected
IBMRational ClearQuest8.0.1.2affected
IBMRational ClearQuest8.0.1.3affected
IBMRational ClearQuest8.0.1.4affected
IBMRational ClearQuest8.0.0.12affected
IBMRational ClearQuest8.0.1.5affected
IBMRational ClearQuest8.0.0.13affected
IBMRational ClearQuest8.0.1.6affected
IBMRational ClearQuest8.0.0.14affected
IBMRational ClearQuest8.0.1.7affected
IBMRational ClearQuest8.0.0.15affected
IBMRational ClearQuest8.0.1.8affected
IBMRational ClearQuest8.0.0.16affected
IBMRational ClearQuest8.0.1.9affected
IBMRational ClearQuest8.0.0.17affected
IBMRational ClearQuest8.0.1.10affected
IBMRational ClearQuest8.0.0.18affected
IBMRational ClearQuest8.0.1.11affected
IBMRational ClearQuest9.0affected
IBMRational ClearQuest9.0.0.1affected
IBMRational ClearQuest8.0.0.19affected
IBMRational ClearQuest8.0.1.12affected
IBMRational ClearQuest9.0.0.2affected
IBMRational ClearQuest8.0.0.20affected
IBMRational ClearQuest8.0.1.13affected
IBMRational ClearQuest9.0.0.3affected
IBMRational ClearQuest8.0.0.21affected
IBMRational ClearQuest8.0.1.14affected
IBMRational ClearQuest9.0.0.4affected
IBMRational ClearQuest9.0.1affected
IBMRational ClearQuest8.0.1.15affected
IBMRational ClearQuest9.0.0.5affected
IBMRational ClearQuest9.0.1.1affected
IBMRational ClearQuest8.0.1.16affected
IBMRational ClearQuest9.0.0.6affected
IBMRational ClearQuest9.0.1.2affected
IBMRational ClearQuest8.0.1.17affected
IBMRational ClearQuest9.0.1.3affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References